If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

as far as i know that this product is Obsolete.... they have a new range of ProCurve products with a high security ... anyway
i work with HP in Jordan , and emailed one of the HP Networking consultants in Europe .. once he answer me i'll get back to u.

When the power of Love overcomes the Love of power, the world will know peace... Jimi Hendrix
-------------------------------------------------------------
I dream of giving birth to a child who will ask...... what was war?

I will research our sources with your query to see if there is anything
known. Could you please provide me with exact details of the exploit as
reported by your friend?
The URL mentioned in your original post is most
likely local. If you have any screenshots or step by step process of the
hack, I would be most gratefull.

Awaiting your reply,

When the power of Love overcomes the Love of power, the world will know peace... Jimi Hendrix
-------------------------------------------------------------
I dream of giving birth to a child who will ask...... what was war?

i had the answer for u , from our ProCurve Networking Department.
---------------------------------------------------------------------------------------------------------------
I found the exploit discussed in a newsgroup called bugtraq (see below) and
after testing it here it became clear what's going on. A user who is
configured for Read Only Access can obtain access tohttp://host/security/web_access.html (host is the IP address of the hub) and
then compromise the Read-Write Access.

As far as my testing allowed, only a pre-configured Read Only user can
actually pull this trick. I will keep on playing with this issue and request
the lab's assistance.

Summary:
A problem with the HP switch allows some users to change
configuration of the switch. A bug introduced in the HP AdvanceStack
J3210A that could allow users full access on the switch. Upon taking
advantage of this vulnerability, the user could change the
configuration of the switch and could change admin password.

Therefore, it is possible for a superuser password changing with
unprivileged access on the switch to gain elevated privileges, and
potentially change configuration of the switch.

When the power of Love overcomes the Love of power, the world will know peace... Jimi Hendrix
-------------------------------------------------------------
I dream of giving birth to a child who will ask...... what was war?

When the power of Love overcomes the Love of power, the world will know peace... Jimi Hendrix
-------------------------------------------------------------
I dream of giving birth to a child who will ask...... what was war?